On Fri, Apr 4, 2014 at 6:51 AM, Nikita Schmidt <nik...@megiontechnologies.com> wrote: > Fair enough. Although I would have chosen the field order (p) simply > because that's how all arithmetic already works in bitcoin. One field > for everybody. It's also very close to 2^256, although still smaller > than your maximum prime. Now of course with different bit lengths we > have to pick one consistency over others.
Operation mod the group order is how secret keys must be combined in type-2 private derivation for BIP-32. It's also absolutely essential if you want to build a secret sharing scheme in which the shares are usable for threshold ECDSA. I still repeat my concern that any private key secret sharing scheme really ought to be compatible with threshold ECDSA, otherwise we're just going to have another redundant specification. ------------------------------------------------------------------------------ _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
